Vulnerability Description
ShortDescription is a MediaWiki extension that provides local short description support. A cross-site scripting (XSS) vulnerability exists in versions prior to 2.3.4. On a wiki that has the ShortDescription enabled, XSS can be triggered on any page or the page with the action=info parameter, which displays the shortdesc property. This is achieved using the wikitext `{{SHORTDESC:<img src=x onerror=alert()>}}`. This issue has a patch in version 2.3.4.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Shortdescription | < 2.3.4 |
Related Weaknesses (CWE)
References
- https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/commitPatchThird Party Advisory
- https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/commitPatchThird Party Advisory
- https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/securiExploitThird Party Advisory
- https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/commitPatchThird Party Advisory
- https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/commitPatchThird Party Advisory
- https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/securiExploitThird Party Advisory
FAQ
What is CVE-2022-21710?
CVE-2022-21710 is a vulnerability with a CVSS score of 4.7 (MEDIUM). ShortDescription is a MediaWiki extension that provides local short description support. A cross-site scripting (XSS) vulnerability exists in versions prior to 2.3.4. On a wiki that has the ShortDescr...
How severe is CVE-2022-21710?
CVE-2022-21710 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-21710?
Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Shortdescription.